diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2012-03-17 20:33:38 +0900 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2012-03-20 12:06:50 +1100 |
commit | 7d7473dbdb9121dd1b5939566660d51130ecda3a (patch) | |
tree | 057bf591dd896c01a2b35b31dc41996d3d9e51b8 /security/tomoyo | |
parent | b01d3fb921df9baef1ecd13704f4b1e269b58b6b (diff) | |
download | kernel-common-7d7473dbdb9121dd1b5939566660d51130ecda3a.tar.gz kernel-common-7d7473dbdb9121dd1b5939566660d51130ecda3a.tar.bz2 kernel-common-7d7473dbdb9121dd1b5939566660d51130ecda3a.zip |
TOMOYO: Return error if fails to delete a domain
Call sequence:
tomoyo_write_domain() --> tomoyo_delete_domain()
In 'tomoyo_delete_domain', return -EINTR if locking attempt is
interrupted by signal.
At present it returns success to its caller 'tomoyo_write_domain()'
even though domain is not deleted. 'tomoyo_write_domain()' assumes
domain is deleted and returns success to its caller. This is wrong behaviour.
'tomoyo_write_domain' should return error from tomoyo_delete_domain() to its
caller.
Signed-off-by: Santosh Nayak <santoshprasadnayak@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/tomoyo')
-rw-r--r-- | security/tomoyo/common.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index d8561c30fbf2..8656b16eef7b 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -1069,7 +1069,7 @@ static int tomoyo_write_task(struct tomoyo_acl_param *param) * * @domainname: The name of domain. * - * Returns 0. + * Returns 0 on success, negative value otherwise. * * Caller holds tomoyo_read_lock(). */ @@ -1081,7 +1081,7 @@ static int tomoyo_delete_domain(char *domainname) name.name = domainname; tomoyo_fill_path_info(&name); if (mutex_lock_interruptible(&tomoyo_policy_lock)) - return 0; + return -EINTR; /* Is there an active domain? */ list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { /* Never delete tomoyo_kernel_domain */ @@ -1164,15 +1164,16 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) bool is_select = !is_delete && tomoyo_str_starts(&data, "select "); unsigned int profile; if (*data == '<') { + int ret = 0; domain = NULL; if (is_delete) - tomoyo_delete_domain(data); + ret = tomoyo_delete_domain(data); else if (is_select) domain = tomoyo_find_domain(data); else domain = tomoyo_assign_domain(data, false); head->w.domain = domain; - return 0; + return ret; } if (!domain) return -EINVAL; |